httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: More help with apache and CGI-Perl
Date Tue, 02 Jul 2002 08:02:19 GMT
>From: John Passaniti [mailto:jpass@rochester.rr.com]
>
> (1) So Why does Apache announce it's own platform in a bad
>request response and likely other responses?
> ...
> (2) In my experience, the script kiddies
>looking for vulnerabilities simply point their scripts at a block of IP
>addresses and let them rip.  

You answered your own question; because of (2), (1) doesn't matter!

Announcing a full server signature is friendly, doesn't encourage targetted hacking (by theorem
(2)) and doesn't harm your security (put it another way, if your system security depends on
no-one guessing your apache version, your in a bit of a pickle).

Rgds,

Owen Boyle

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message